[squid-users] Unable to Disable sslv3

squid at buglecreek.com squid at buglecreek.com
Wed Sep 12 21:47:09 UTC 2018

I asked this some time ago and am bringing it up again to see if there are any suggestions since we haven't been able to fix it.

We are using squid as reverse proxy and we have disabled SSLv3 :

https_port XXX.XXX.XXX.XXX:443 accel defaultsite=www.example.com vhost cert=/etc/....cert.pem key=/etc/....privkey.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE cipher=ECDHE-ECDSA . . .. dhparams=/etc/...dhparams.pem

We have also tried the sslproxy_options as well.  

Using Nessus scanning tool, it reports that SSLv3 is enabled, but not SSLv2.   

Version of Squid is  (3.1.23) which is stock RH6 which I know is old, but for now we need to use it. 

The only thing we have been able to do so far is add NO_TLSv1 to the https_port section.  Then the scan comes back clean.   Not sure what to look at next.  Any suggestions? 

More information about the squid-users mailing list